Published:2007/03/19  Last Updated:2015/10/21

JVN#83832818
Interstage Application Server cross-site scripting vulnerability

Overview

The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability.

As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website.

Products Affected

A wide range of products is affected. For more information, refer to the vendor's website.

Description

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
FUJITSU LIMITED Vulnerable 2015/10/13

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2007-000218

Update History

2015/10/21
FUJITSU LIMITED update status